No HttpOnly vulnerability detection

[uurien]

What does this PR do?

It detects a vulnerability when HttpOnly flag is not set in a set-cookie header.

To improve the vulnerability detection algorithm in cookies, when in the same set-cookie header call are multiple cookies related vulnerabilities, the location will be calculated only once, at this way we will only expend 1 of our context operations and we will be able to detect more vulnerabilities with the same budget.

Plugin Checklist

• Unit tests.

[github-actions]

Overall package size

Self size: 4.33 MB
Deduped: 60.68 MB
No deduping: 60.72 MB

Dependency sizes

name	version	self size	total size
@datadog/pprof	2.2.1	14.24 MB	15.12 MB
@datadog/native-iast-taint-tracking	1.4.1	14.85 MB	14.86 MB
@datadog/native-appsec	3.2.0	13.38 MB	13.39 MB
protobufjs	7.1.2	2.76 MB	6.55 MB
@datadog/native-iast-rewriter	2.0.1	2.09 MB	2.1 MB
@opentelemetry/core	1.3.1	784.66 kB	1.37 MB
@datadog/native-metrics	2.0.0	898.77 kB	1.3 MB
@opentelemetry/api	1.4.1	780.32 kB	780.32 kB
opentracing	0.14.7	194.81 kB	194.81 kB
semver	7.3.8	88.2 kB	118.6 kB
@datadog/sketches-js	2.1.0	109.9 kB	109.9 kB
lodash.sortby	4.7.0	75.76 kB	75.76 kB
lru-cache	7.14.0	74.95 kB	74.95 kB
ipaddr.js	2.0.1	59.52 kB	59.52 kB
ignore	5.2.0	48.87 kB	48.87 kB
import-in-the-middle	1.3.5	34.34 kB	38.81 kB
istanbul-lib-coverage	3.2.0	29.34 kB	29.34 kB
retry	0.10.1	27.44 kB	27.44 kB
lodash.uniq	4.5.0	25.01 kB	25.01 kB
limiter	1.1.5	23.17 kB	23.17 kB
lodash.kebabcase	4.1.1	17.75 kB	17.75 kB
lodash.pick	4.4.0	16.33 kB	16.33 kB
node-abort-controller	3.0.1	14.33 kB	14.33 kB
crypto-randomuuid	1.0.0	11.18 kB	11.18 kB
diagnostics_channel	1.1.0	7.07 kB	7.07 kB
path-to-regexp	0.1.7	6.78 kB	6.78 kB
koalas	1.0.2	6.47 kB	6.47 kB
methods	1.1.2	5.29 kB	5.29 kB
module-details-from-path	1.0.3	4.47 kB	4.47 kB

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

Merging #3228 (683dd20) into master (f2e3022) will increase coverage by 1.25%.
The diff coverage is 94.28%.

@@            Coverage Diff             @@
##           master    #3228      +/-   ##
==========================================
+ Coverage   84.74%   86.00%   +1.25%     
==========================================
  Files         197      193       -4     
  Lines        8075     7493     -582     
  Branches      133       33     -100     
==========================================
- Hits         6843     6444     -399     
+ Misses       1232     1049     -183     

Impacted Files	Coverage Δ
...es/dd-trace/src/appsec/iast/analyzers/analyzers.js	100.00% <ø> (ø)
...ckages/dd-trace/src/appsec/iast/vulnerabilities.js	100.00% <ø> (ø)
...rc/appsec/iast/analyzers/vulnerability-analyzer.js	83.33% <66.66%> (ø)
...trace/src/appsec/iast/analyzers/cookie-analyzer.js	95.45% <95.45%> (ø)
.../appsec/iast/analyzers/insecure-cookie-analyzer.js	100.00% <100.00%> (ø)
...psec/iast/analyzers/no-httponly-cookie-analyzer.js	100.00% <100.00%> (ø)
...c/iast/analyzers/set-cookies-header-interceptor.js	100.00% <100.00%> (ø)

... and 6 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[pr-commenter]

Benchmarks

Comparing candidate commit 683dd20 in PR branch ugaitz/no-http-only-cookie with baseline commit f2e3022 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 443 metrics, 29 unstable metrics.